search

KAIST-IS521 / 2018s-gitctf-team5

1 stars 0 forks source link

exploit-bug2 #47

Closed sunnyeo closed 6 years ago

sunnyeo commented 6 years ago

-----BEGIN PGP MESSAGE----- Version: GnuPG v1

hQEMAy8nZUIPGP0nAQf9G5+SE2NFX1iV7nlDms9CAKtyV3fELSYY0ldd8GGz+jHr e+B8ymYY7Z785L1eAwYR7YCIKbQaft9LsLCjX/23+VG0Bw4sk6ehKdM+i0xnnjNE d+UtSnxO2oa1rnpMTzlsBjUQ8kShmNI7NsKVxr1najv1aD6kMJa8FKoY7XvMD7+U EDo1/Sa4FIXZpCA6VBlpUvTO0NVlcnmU8eFld6ulAVqHL+3bBfscDVssr1SN5xB6 +Y1Y8BtWoM3zV7PnIAHEcs0el09xTnaz56b59Poqhz7kO3Tl5ld/B1Q7Ow8DhWY5 T8BFuq82uh2PXdDQttymPIcX7zP8AdgjsT9ValQBz4UBjAPcMgCV6N35oQEL/2BK 6IvQhW1UPhb/A1Zu1r05VGA2q1z30j7wi3+aDo3maprgmnH8uSXAtF2eJ+Yew7m4 Js4zttaSxRp+2syRaW4SPXwQ+k1ePGQtw7sRdirDci3iWE/xIn3D1nGYvTD3DnFu Gd3Kneg63BeOxdVkV8swlMLiOz7BZzRL/kLd39kkKRhohhG5f3wu4qSyrWXrqbYM V3seZsTdtlMx3u4KWkln0U2dWoRhHjxegHzHgTIqQJkpe3PlSraJAvHqNq96fsPp ymbCPyoFPQcN0Wh/Agi5LQp8TtTcsFmXr/B0pNligmnQ4IH0Hf7MHTOGWRutsy16 kttMvawx2hi5Y4eSLFC6SLm9iR1A3P5ocA0EfDmlDcjjfPvcm5sy99Hsj0G1+Pyd j+2ihq3KxjECyvn1NvSsTVtRY5qgrQ0SbEJzCCk1H3c6U470YftVRbEOekMq/X3Q NKDudo+yNqmUV0cvDO9m3xb8k9Fft4A5DARlKtnDe51ENAcGNFvYnaJDdZRYcdLr Aes2O8YfsSUjJmhAL9dRN3yjK7m4ow7FhBZSB+/kiwYuhSv5NfeKbzt6iRA4QiSJ 0V/XH2J7NdLj+6CmRZGK342POY/wtrRnw9lBlWynwSizOBJq47HX5WXFYKbymWUy u0fp5ZoeZ+4dsoMUuSEFpyIAL8Ivb7DNpYrmYmqqbKuWnNtc/93qJOboFWtpLx/2 k1mnaCovSnbwa6WPqQinG7sFiuBOMeHgMM4Rf0H6GMWOGYtAUa9+vAzGz3gZ6vAJ s7RmIF/QcdpW2L6CkMvN7cJyC0L7Ak+R9QmJYpiGPdASfKJOmAu9dhO2q1nAtWJd cK4gNrMjhZ5SC1HDhldHtvEL3r57n0hHZvouLNhlew8IvNSiUlveJsCczaINaxgg kfn1ZcM+KP/At7z0T+h4d2Pl+gPa1ae+LN2SnGvFSL/VaGxkJ4zYT6ce7Shokik4 prxjRpK/llYx6Kj9p3uvr6hLY3qmjBWbss75SJ1nmq7uDqPrkDVeKlGe6XjEKcQx XTtk2AniWB1QiVGroTmuo99Czy0AOeyJkBd0kiJTCuHGbVF1AwJbJIFtyS8HZp8O aTttn0MaqvkXIuCpMZG66WgFSkh69faOiqEoRh8DZXz/vI62tMgvqttHGU3TM/Od mLYkxbq7ID4sJ9zUOIFTr2gzPTV0HA1YZVJ92TQ6EDxeJRyq5EuRCZnqqoOPNsGT YeXSEfFffmttZyWvWZX4EbusDBaTTn46hRR254PhGEAIruUNSXa8nHHl3DerMLnn R+Ygn18MCnvxasIOYH92XIS+kg3MpF3fHvCssBen1Z4Bo2CZGztv6umKZIQXhjS2 Ey/GlRDIzYSAmU/vFObx4ciuulevyzro3KsW8rDmhtrqXH8bHsMBh3PrIbvCyUDe w3RAdO0PRaGVWiZp59lo2QhBs+YjrDxPpos847envNCpGFOGQXvtjFNHvvHWrfDS u0s14+3NqmCb9O50weRtAIhVxEViOzEwgcpY+kopjORDwsZmnB4bMV4HFm7T4Pv/ swCED0M4uuA5JuOur5aOEdlk2/Sk0AO/D6B9JGSnH6fp12IJlU/gp7k4KGJt67LA ZifSccmP/m9CZh5v4WQ3b0zL2OdOSIzUs3MVccWrEWLsrznd4huC3v+pSeRzmJlL TFrRSOQHU+R30NCZ05n34WVbzTATNYfQZXOpSOeVJhIDwQhFoyczkq8bg7mNeWeE z/hPeYJCOSSvKLK+69VG2+rVrGWNEjrlQxDm/P6UPGZUMj2ZTEnnbnmCq5rfLI61 YrQLCIKDSHUq4vl2cFPQuAEr+srZ97tnUb8Ft1arRxy4bVBt9+8sGtXpxfhKMPbS +52xFO48YiNvGDbRoph4lb/vCjKp6jooAtivdR2893j0HJz6QiPKDIMPKJp4ddlp opHqlpHmqd4ASmsQs5FikV1KBb6d1JfTjsx7QKf7MJP/w+9svv5J3MBsPk65123X xv3PBSLeaL4/xHFRhCVOYRTqY5kKhJMCsEs1EA/lEQNWivYIhLYtWnCzoAwN45KH KTk//Yz/nc6yzXiEinJ+zYGn7rxwJYIfDbakJkXXnmlxrvXmvvwhCNhI7OJTexL3 mLmcPWFc07JmvWt7Q9p3P5tWboGLj+uART6NjPBmRUNw7tSYSYX03lf/Auqnfypb baCEPfJahKqBuvBuNUwty6DX5KlP5PpWrKRTIjugx/aTHkIuZV6KkMn19guFsQPw CFN/T0FYtJjeq6b6S1lJv3qzphMTJO51WvjRKGeMgEBpkTNVDh84cGcyO0AyNjE2 600OWRf+Ik4fKnHO+5TdesA7URGSMboySyZVbT0ft9+RC/p6SOJOTPyRDyoL/XOK 7qI5DErEdCGvRD+S1s550V/TJHaJyZPuVjlVhiP1yretI/Oeia9xW+Nx6bTf47h6 nS1xmk7sIBfLs7lGZGTmq4HPQzT4mb2XoT7g5GLfM9dZrVyt5HeigN25qzcjcfEI VLzeVQcCFQ43oWgxzhCBIitbHI9XI5p8dVmlSdUVdaqEZWc2+B+iF9XrbQgoIFu3 mjs5nZHCqEdG0umTgeuZu+LaFTVuNkZ7ssnP7cfBAh80CbNGhWgVrKhmgYPOYddx 7hkClOYdtAUIevF6N3tMum470NRzhXBPp8HAEjxlu8YoccTPSGph+/Cw+qDR6R+O 2FMhTES8nj95qz3PX2b8k00/mx8rgYg8h0gwj7AX5XyvVCABZnYBNsLdaX3S4RFG 7iuT1Zsvecti+C7ZnHAOAwSM2FpgWOZ60o6U5oPhyPo4MdSF1bGQ7BR5m9ETrVFo hWUZMkoIMVHefWaefTNxDMVpmBH1Bs/cm2z7//Hdy0Fpr/XVO+K1iyjigvx9NlFv 4n+xQkoLhuU6RgLBFiMHR8BC7TqHCHgVHW6smHuh7dNDAeTMcE3MfpQdTPCL8uWS rGhY+RbDOsBR3pqxSoEw3aYq8V7ZvXHrio3U9BPQBu9bTu79h31ohSeuqm+r8R84 k/EfYC+Ds3AK+xPYlUUXcniM8Us6B6KYB5YcuNB2OlrIl0XWpWUeaV1O6jzUdagl VFmbmVx5G5b4OPNEIwc6MZNn4GboX4tc4VoXjxzFGTkdjkOokZfg6f2HLf4T+9ke SwqYxYZQyqZKowp8TZ3+bWIECX20PDwcniw8cTPSFbmzbrCaJdMwDKHzY7M8OQ+z vVdDssH7JLT/WLD1X+dek13Ou1P5860UdffOsWBDn0bqGSZm0Nvd7lGaz2jxLWKQ fUEki5g59qQk3gEgt5GIi18NHD68Fvf+Ymm6VVzajeTaOs3XqJIDt4WuNSKjbVA3 9idGRJtzZ+IgwV90y6oxoNANtqeM/W7D7uZ3OGLCZvVsLLe4njbX5q92X3CpzRM8 WJaGhyidOf9XSIs7mQwFfMyzPDjn37HUIa8zRDYvNGVbzZjmxBEB0zeFrbvct3iv izTdUDm6y4f/J318yYY3Y/ZsLkRcdpq3HTWVs4SAUzJt42fwSssm0cKfOJ1Ry23w 60So3P8V9JO7M4udxaHeKVrdIYNR90lQft+0eWXYNQgFXy703YpWZJv62weNnnvc cyejwq+LZ5+CggnFXhlCFIu67eksHQAAoQ2j7Kx79sWRF2uQLIMrQ83ocfb6lBpK B8Pge8SjB2SydEFbvpXOmcSWHmav8AuiYe1X5w5VKrDQzLhBHAdE+mQVlSq5nA5Y t+gLE2KbjkXjuNT41J/MAG+BRP6iMg8CK9U0bFWRKaS6TFUBM+kH6Ttk3Qf0e2K3 lcwE3sico2dexBaVlpFzrMBS1+kC+s1641Qi9mo7KYBW6c0zYhT+19JzqrvkKCrm OWEcRtLtUs9XoQcTaFFhJQ4pAAswwWyqhZuzui6LxYsA16g0gOnZ2odHdop/ayX4 27Fkuq4EeyJ89uUjuDM2FLydc6s01Lx9RGG3DB6K3XvZ2f+ysmQHKSrC6jCwXGu7 liPCLhREQWuIr7+68d7ZIrDq9ApDF0Gf+uY2Oya/5n53u4LT8blFJ9JOv6oypEVr 1znof+H6Hf63QqcmuVzDi8fbZ1hvSdXHXL1yPPfQf/sujRLTw7nVpt99moNmykWq sAhX0SkUL0hMiDV9pDiJNSgwnNJfokpAAfOZ0JaENDojXSu0Wqnw/stIpwiK3aj3 P3/z3dFV3ei7x8ERgtg8bjpg7VTVL63Fqz0M1wWYFVgseoRrmL3B8FjnnCR2/h90 DyTfpw+NHhcDUjZlA9OydI2LUeIB51UgB/ViachPtGE/2viPUmRzA7lMyjpFFbZP TY4bHreqomzRfDIBmINcAA1szXtjWA27/NeznTSA+SZ3AUqhAgRFecEyK7r5UPIi VB3OIQw3UEcPCam60UhlURPlxiTKeXdhgBz9kJmZyQxHJT52ACcGMpn+qTYCvkUL XCDHtnTiBOT770YzJEaFBXJor6UFrgPgv0enbGy+4JQ0sFLLYiP/fLA9xV4MDJSR y9GaeNLNOb624UhGdbmE0AEZBz3gzoVK8xv5hsbEL+9O5gA+T2V1LeUzAdYu3gGK Cy2BsDh3nyF2lAqKdnrFVdyUqzgtu1DnQt1RBJdMffHkWps0ARbozDKgWxfGsBzC vMAXjPdHVvMSmKMzz2URw3oXtSPOmkPJLwMgsKVHHp1tL7tWiIOo3Lv/qs96Q0DN azSzBG2mofwHmPrldDLMYWW4X3fTslJ847UcatJlyoviumLXTjuBTep2MrK54OWM c0pGMpfW3CMhAJf6OyYoG1DdI23MwSY41Mh9x+n19tw510KhjQALmsN1MVZ3SHF6 6TPvonhYj4SgFy1TALji3xQqYn0B4oBsm8iyQCf+cIGbq/Sdmp90uQVgcV4mG9lx QNf3s2m1rzXIOfZ6nD1doOxGJB7ogfXQB4A= =Bo4f -----END PGP MESSAGE-----

softsec-is521 commented 6 years ago 
About exploit-bug2 (exploit-service branch)
[*] Starting service from 2018s-gitctf-team5 (branch '8a0b39b831e3bb1efdc845658089c0ae66a36fd7')
Sending build context to Docker daemon  2.193MB
Step 1/33 : FROM debian:latest
---> 8626492fecd3
Step 2/33 : MAINTAINER k1rh4 <k1rh4.lee@gmail.com>
---> Using cache
---> 8e9e3881ec66
Step 3/33 : RUN         sed -i 's/deb.debian.org/ftp.daumkakao.com/g' /etc/apt/sources.list
---> Using cache
---> d58cb6fc7f0d
Step 4/33 : RUN apt-get update
---> Using cache
---> f74c65dc9bfe
Step 5/33 : RUN apt-get install -y xinetd
---> Using cache
---> 845d6f85baa1
Step 6/33 : RUN apt-get install -y libsqlite3-dev
---> Using cache
---> ff66c0e5a29c
Step 7/33 : RUN apt-get install netcat -y
---> Using cache
---> df491e9bff6a
Step 8/33 : RUN apt-get install net-tools -y
---> Using cache
---> 93debded14f4
Step 9/33 : RUN apt-get install -y procps
---> Using cache
---> c472a4cdaf3f
Step 10/33 : RUN useradd -d /home/load load -s /bin/bash
---> Using cache
---> 88d6cfc64fa7
Step 11/33 : RUN mkdir /home/load
---> Using cache
---> 82e3bcea59ce
Step 12/33 : RUN chown -R root:load /home/load
---> Using cache
---> 5aa04924d1ab
Step 13/33 : RUN chmod 750 /home/load
---> Using cache
---> f51da5c3a761
Step 14/33 : ADD ./BUILD/prob /home/load/
---> Using cache
---> 5fa7dbc08b05
Step 15/33 : ADD ./BUILD/modify_usr /home/load/modify_usr
---> Using cache
---> 80d1f6379516
Step 16/33 : ADD ./BUILD/run.sh /home/load/run.sh
---> Using cache
---> 906323f975f1
Step 17/33 : ADD ./BUILD/usr.db /home/load/usr.db
---> Using cache
---> ba9251f94caa
Step 18/33 : RUN chown root:root /home/load/*
---> Using cache
---> bb326fbfe03f
Step 19/33 : RUN chmod 755 /home/load/run.sh
---> Using cache
---> 693348cb1317
Step 20/33 : RUN chmod 755 /home/load/modify_usr
---> Using cache
---> e9b9fc8366c5
Step 21/33 : RUN chmod 755 /home/load/prob
---> Using cache
---> 2b467833030a
Step 22/33 : RUN chmod 766 /home/load/usr.db
---> Using cache
---> e09ce7454b7a
Step 23/33 : RUN mkdir -p /var/ctf/
---> Using cache
---> 836e043d7be7
Step 24/33 : COPY ./flag    /var/ctf/flag
---> 22ada0fbefc3
Step 25/33 : RUN chown root:load /var/ctf/flag
---> Running in 7b199db915f0
Removing intermediate container 7b199db915f0
---> 96fa59bbafef
Step 26/33 : RUN chmod 440 /var/ctf/flag
---> Running in 5da000e6b98f
Removing intermediate container 5da000e6b98f
---> a810d3573f81
Step 27/33 : ADD ./SRC/load.xinetd /etc/xinetd.d/load
---> 0fadfa964a79
Step 28/33 : WORKDIR /home/load
Removing intermediate container 13990d7c6e08
---> 99588fae2cbf
Step 29/33 : ADD ./SRC/start.sh /start.sh
---> e8159223f2eb
Step 30/33 : RUN chmod +x /start.sh
---> Running in a0381fa1d9cc
Removing intermediate container a0381fa1d9cc
---> 8a9e5b51b467
Step 31/33 : RUN su load
---> Running in c0ff64b21b48
Removing intermediate container c0ff64b21b48
---> 72030fc400c8
Step 32/33 : RUN /start.sh &
---> Running in 575c5e0ca4e8
Removing intermediate container 575c5e0ca4e8
---> 05b4d7a5be95
Step 33/33 : ENTRYPOINT /start.sh
---> Running in 6f3eec987dec
Removing intermediate container 6f3eec987dec
---> c322d13ba0f7
Successfully built c322d13ba0f7
Successfully tagged 2018s-gitctf-team5-8a0b39b831e3bb1efdc845658089c0ae66a36fd7:latest
3b788fad07aba7837292ea07157933a386758bf453dd52ac3dd8616d9fd89a31
[*] Started service successfully
[*] Running exploit
Can not show your exploit log because it cannot decode the content of exploit
[*] Failed to run exploit

==========================
[*] Exploit returned : None
[*] Solution flag : cB580Iju0k
[*] Exploit returned a wrong flag string

[*] The exploit did not work.